At a glance.
- US senators push for reversal of Ligado satellite network decision.
- Is a bug-free SBOM enough?
US senators push for reversal of Ligado satellite network decision.
Soon after satellite communications company Ligado Networks received approval from the US Federal Communications Commission (FCC) in 2020 to create a terrestrial wireless network in the L-band satellite spectrum, government officials and industry leaders began urging the FCC to reverse its decision. The FCC denied requests for a stay in January 2021, but now, as Satellite Today reports, a bipartisan group of senators has submitted a letter asking the commission to withdraw Ligado’s license due to the potential GPS interference the network could cause. The letter reads, “We remain gravely concerned that the Ligado order fails to adequately protect adjacent band operations — including those related to GPS and satellite communications — from harmful interference impacting countless military and commercial activities.”
As Defense News explains, the National Telecommunications and Information Administration previously led a coalition including the Defense Department and Transportation Department pushing the FCC to stay the order for the same reasons. The Satellite Safety Alliance voiced their agreement with the senators’ stance: “The grave concerns expressed in the letter reflect the overwhelming concern shared by 14 federal agencies and a vast federal and commercial user base of GPS, satellite communications, and weather forecasting services. This letter comes at a critical time, and we agree that the FCC must act quickly to address the imminent — but preventable — harm from Ligado’s proposed terrestrial network.”
It’s worth noting that on September 9 the National Academy of Sciences is set to release a study on the FCC Ligado order that will “consider how best to evaluate harmful interference to civilian and defense users of GPS, the potential for harmful interference to GPS users and DOD activities, and the effectiveness and feasibility of the mitigation measures proposed in the FCC order.” It will arrive just in time, as Ligado Networks is set to launch the terrestrial wireless network as soon as October.
Is a bug-free SBOM enough?
The National Defense Authorization Act for Fiscal Year 2023, passed last month by the US House of Representatives, includes a section prohibiting the Department of Defense (DoD) from procuring any software applications that contain a single security vulnerability. The bill states that each item on a software bill of materials (SBOM) must be free “from all known vulnerabilities or defects affecting the security of the end product or service.” However, it also includes a caveat that vulnerable software can be purchased as long as the vendor provides mitigation plans for all known security issues, a loophole that some sources say allows vendors like Microsoft to retain the DoD as a customer while simultaneously working on a laundry list of software bugs. While some officials agree a vulnerability-free SBOM should be common security practice, others say it’s perhaps not enough, as external components can also contain bugs that could leave systems at risk. Speaking to IT Pro, Chris Gould, chief consulting officer at cyber security firm Reliance acsn, added that many nation-state hackers use zero-day vulnerabilities rather than the common bugs that would be listed in an SBOM. The bill will now progress to the Senate and the President for final approval.